The demand for digital communication services has resulted in unprecedented data network growth. Network growth has occurred both in terms of the number of nodes (i.e., the number of network-connected computing devices) as well as the amount of communications traffic between those nodes. This network growth has been supported by increased node computing power as well as the advent of broadband data transport hardware; an orders-of-magnitude quantitative change that has, in many respects, resulted in a new network environment.
At the same time, the standardized data communication protocols that launched the data network revolution have remained relatively static. For example, transmission control protocols in compliance with Postel, J., “Transmission Control Protocol—DARPA Internet Program Protocol Specification,” RFC 793, USC/Information Sciences Institute, published September 1981, and internet protocols in compliance with Postel, J., “Internet Protocol,” RFC 791, USC/Information Sciences Institute, published September 1981 (i.e., TCP/IP), are still involved in directing much of today's data network traffic. This gap between some of the communication protocols in use and other aspects of the modern network environment may be exploited by another modern network trend: an increasing number and variety of malicious network nodes.
New protocols such as secure sockets layer (SSL) and IP security protocol (IPsec) have been developed that are resistant to some forms of attack by malicious nodes. However, such new protocols are only of benefit when they are actually employed. The majority of network traffic is still sent “in the clear” using older network protocols and is still vulnerable to attack. A type of attack that is generally difficult for older protocols to defend against is a denial of service (DoS) attack and, more particularly, a denial of service attack that involves an attacker mimicking or “spoofing” protocol messages from legitimate network nodes.
Legitimate protocol messages have parameters with values in particular ranges. Although an attacker may have limited information with regard to valid parameter values for a particular connection, the attacker may raise their chance of mimicking a legitimate protocol message by sending large numbers of messages with varying parameter values. While this chance of mimicking may have been an acceptably remote possibility in the past, in the new network environment, the chance of successfully mimicking may rise to unacceptably high levels.
Beyond causing service degradation by simple flooding, attackers that successfully mimic legitimate protocol messages can interrupt an active connection, for example, by mimicking a legitimate connection reset message, and may even inject trojan data into an active transmission, thus compromising its integrity and, once again, possibly resulting in a denial of service. There is a need to incorporate mitigation mechanisms for these types of denial of service attacks into older protocols. Minimizing the protocol impact of mitigation mechanisms is desirable because even small performance changes may be significant at the network level for a widely used protocol. For example, an increase in protocol message size may result in a loss of scalability. In addition, mitigation mechanisms should be tolerant of the imperfections of practical network environments, such as unpredictable node and connection failures, as well as network nodes running protocol stacks that do not entirely comply with protocol standards.
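The risk described in the two paragraphs above (a spoofed reset needs only a parameter value in the accepted range, and a mitigation should not enlarge the protocol message) can be quantified with a small model of the receiver's acceptance rule. The following Python is an added example, not text or code from the patent: it contrasts a loose rule that honours any reset whose sequence number falls inside the receive window with a stricter rule that honours only an exact match and asks the peer to confirm anything else in-window. The strict rule is an assumption in the spirit of RFC 5961 style defences, not necessarily the mechanism this document goes on to claim; the 2**32 sequence space is TCP's, and the window sizes are constructed sample values. Neither rule adds a byte to the message format; only the receiver's check changes.

```python
# Added example (not from the patent): how the receiver's acceptance rule
# for a reset message sets the odds that a blind, spoofed reset is honoured.

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32 bits wide


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), with 32-bit wrap-around."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def accept_reset_loose(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Legacy rule: any reset whose sequence number is inside the receive window
    tears the connection down. The accepted set has rcv_wnd values."""
    return in_window(seq, rcv_nxt, rcv_wnd)


def accept_reset_strict(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """Tightened rule (assumed here, RFC 5961 style): only an exact match resets;
    an in-window but inexact reset triggers a verification exchange with the peer;
    anything outside the window is dropped. The accepted set shrinks to 1 value."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "verify"
    return "drop"


def acceptance_probability(accepted_values: int) -> float:
    """Chance that one uniformly guessed sequence number is honoured."""
    return accepted_values / SEQ_SPACE


def expected_guesses(accepted_values: int) -> float:
    """Expected number of blind guesses before one is honoured."""
    return SEQ_SPACE / accepted_values


def compare_rules(rcv_wnd: int) -> dict:
    """Side-by-side risk figures for the loose and strict rules at a given window."""
    return {
        "loose_prob": acceptance_probability(rcv_wnd),
        "loose_expected_guesses": expected_guesses(rcv_wnd),
        "strict_prob": acceptance_probability(1),
        "strict_expected_guesses": expected_guesses(1),
    }


if __name__ == "__main__":
    # Constructed sample windows: a classic 64 KiB window and a window-scaled one.
    for wnd in (65536, 2 ** 20):
        figures = compare_rules(wnd)
        print(f"window={wnd}: loose rule needs ~{figures['loose_expected_guesses']:.0f} "
              f"guesses, strict rule needs ~{figures['strict_expected_guesses']:.0f}")
    # Constructed connection state to show the two rules disagreeing.
    rcv_nxt, rcv_wnd = 2 ** 32 - 10, 100
    print(accept_reset_loose(5, rcv_nxt, rcv_wnd))    # True: wraps into the window
    print(accept_reset_strict(5, rcv_nxt, rcv_wnd))   # "verify": in window, not exact
```

The point the figures make is the one the text argues: as windows grow with broadband transport, the loose rule's accepted set grows with them and the expected guess count falls by the same factor, while the strict rule keeps the accepted set at a single value regardless of window size, at the cost of one extra exchange for the rare in-window near miss.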